CEO's: "OMG We been Hacked".... Meanwhile their IT dept/techs that asked for Expense Justification for industry standard security got denied...as usual.

I see it all the time where security is dead last in consideration. Normally we deal with Marketecture where our Business Users buy some software application fully designed and specced out by some slick Salesman. Then they tell IT to just install it and don't ask any questions... We are like OMG they did it again. BOHICA. Then, when we let them know about the need for Firewall's, DMZ's, encryption etc, they say, "Then how am I supposed to directly administer the Database", We say you shouldn't with customer databases.

In several cases IT has said "Yes go for it, install SQL on a machine under your desk, that way you can have full access to what you want to do.

When their machine fails and we find out that all reporting for our Warehouses was wiped out, as no backups were ever done, all hell breaks loose....some of us giggle just a little bit. I know bad form...sigh

The difference is that a bank has an interest in keeping your data secure, whereas the school doesn't. If sensitive customer records were stolen from a bank's systems... well, just use your imagination. The damage done to the customers could be pretty bad, but the damage done to peoples' trust in the banking system as a whole would be enormous.

It would be a foolish mistake to believe that any network is untouchable...

Going after the banks though would not only solidify your prison cell, it would pretty much turn the attention of every government agency in the world in your direction.... That is, if you ever made it to the cell...

I'm just now reading into this and am loving every minute of it. I look forward to see what they do next. I look more forward to seeing why they chose to hack their target. It's amusing, yes, but more interesting than anything.